From owner-freebsd-current Thu Feb 29 09:32:46 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id JAA24674 for current-outgoing; Thu, 29 Feb 1996 09:32:46 -0800 (PST) Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id JAA24669 Thu, 29 Feb 1996 09:32:41 -0800 (PST) Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id LAA04770; Thu, 29 Feb 1996 11:31:53 -0600 From: Joe Greco Message-Id: <199602291731.LAA04770@brasil.moneng.mei.com> Subject: Re: IPFW (was: Re: -stable hangs at boot) To: phk@critter.tfs.com (Poul-Henning Kamp) Date: Thu, 29 Feb 1996 11:31:52 -0600 (CST) Cc: stable@freebsd.org, current@freebsd.org In-Reply-To: <2612.825584015@critter.tfs.com> from "Poul-Henning Kamp" at Feb 29, 96 09:53:35 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-current@freebsd.org Precedence: bulk > > Technically, one might want to place it's much-less-often-considered brother > > in the firewall too... the one that prevents OUTgoing packets that do NOT > > have a 13.0.0.0 address... > > > > (no I don't do this either but I should). > > And if you're on a lousy ISP, also a filter to block all of the "private" > networks, 192.168.x.x and so on, (RFC 1596 ?) RFC1597: 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 That's a real good point, actually. Also 127.*, I would think... (actually, some non-lousy ISP's assign space out of this address range as it serves as a very "gross" firewall. And even if you don't, your customers might use it as described in 1597 and have a misconfigured router that doesn't prevent outbound packets. This implies you want to stop traffic in BOTH directions). Gosh, this gets complex quickly :-) ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/546-7968